At RSA Conference 2015 here in San Francisco, there’s a lot of discussion about weaknesses to the electrical and wifi systems aboard airplanes. The discussion often turns to the case of hacker Chris Roberts (@Sidragon1 on Twitter).
There’s been a lot of strong reaction to news of Roberts being pulled from a plane for jokingly tweeting that he might mess around with the plane’s electronic systems.
There’s a lot of overreaction to this story. The TSA and feds certainly overreacted. But those who hold Roberts up as a victim of government oppression are overreacting, too.
The reality of the situation is that Roberts shouldn’t have tweeted about messing with a plane while sitting in one.
The Electronic Frontier Foundation (EFF) has come to his aid, releasing a statement that said, among other things:
United’s refusal to allow Roberts to fly is both disappointing and confusing. As a member of the security research community, his job is to identify vulnerabilities in networks so that they can be fixed. Indeed, he was headed to RSA speak about security vulnerabilities in a talk called “Security Hopscotch” when attempting to board the United flight. EFF has long been concerned that knee-jerk responses to legitimate researchers pointing out security flaws can create a chilling effect in the infosec community. EFF’s Coders’ Rights Project is intended to provide counseling and legal representation to individuals facing legal threats, which is why we’re glad to represent Chris Roberts.
True, it is his job to point out flaws in networks so they can be fixed. True, the FBI confiscating some of his gear was an overreaction.
But nearly 14 years after 9-11, security practitioners should know better than to joke publicly about committing what the authorities will inevitably see as a potential terrorist attack.
Marc Rogers, a respected member of the hacking community, summed it up best in a Facebook post he’s given me permission to reference:
While yes, taking all his gear was a gross overreaction, there is nothing different between this and joking TSA that you are carrying a bomb and are going to blow up a plane.
I don’t know Chris Roberts. I’m sure he’s a good guy with a passion for his work. But he knew the authorities were already nervous about his planned presentations. That being the case, he should have known better than to use Twitter as he did in that moment.
I suspect he’ll be more careful next time.
